Hi, I am trying to run an rtorrent instance on an Ubuntu server machine and I want it to do its upload and download on a specific interface.
In my case I have a wired interface that I use for GUI management of my server and another (currently wifi) interface that I want to dedicate for rtorrent.
To do this I tried to do it by binding an IP address for the listening socket and outgoing connections, which supposedly would do the job exactly as I want it to, but it still doesn’t use the specific interface I want it to use to download parts.
Here is the specific part of the doc about binding:
Using the -b flag or bind = option, you may change the IP address the listening socket and outgoing connections is bound to.
Like in the doc, I do specify the exact IP address I get from the DHCP on the AP I use, but it still bypasses that completely to use the management interface (eth) for downloading.
Is there a way to force the process to use the IP or interface of choice? Idk, am I missing something about rtorrent config?
Can you be a bit more descriptive, are you trying to use rtorrent over a VPN or similar? Where does your VPN tunnel live - e.g. your OpenWRT router?
Regarding rtorrent, you can bind listening sockets to an IP, but new outgoing sockets/connections to various IPs on the internet will follow the routing tables.
If you want rtorrent traffic to follow a different routing table, you’d need to either put it into a container with its own separate network stack and its own interfaces, or use nftables or iptables to set fwmark somehow, for example based on process uid in prerouting, and then add an ip rule to direct that traffic to an alternative routing table.
Additionally, if you’re doing this for privacy, you should also maybe think about DNS resolution, and any DNS cache sharing that might be going on.
Personally, I run rtorrent in a container with my own image that I periodically rebuild from my own Dockerfile from alpine, and I have it share a network namespace with a linuxserver.io wireguard container and I have a volume with a socket for flood ui. Stuff sharing network with linuxserver wireguard is fairly popular, is this perhaps something that fits your use case?
@risk Thanks for the reply and sorry for the late one, I didn’t get to look into this again for some time.
So I am trying to run rTorrent over the wifi interface directly, so no VPN, it directly goes to my ISP produced router/modem.
Regarding the routing, I would like all connections, either outgoing or incoming to my machine, that are directed to rtorrent to use the specific interface. From your response it seems that rtorrent doesn’t give you that option. Can you point me to a way I can do the routing properly via iptables and ip rule?
Although I don’t envision the wireguard network sharing right now, I might do so if I move to a VPS instead of my spare laptop.
Ugh, that script doesn’t make things easier, the script installs a cron that starts rtorrent in a screen… pretty horrible.
And there’s nginx with php-fpm running rutorrent as services, but irssi and rtorrent are started with screen -d -m -S… in at least 2 places.
There also appears to be some upgrade facility built into the scripts.
I’d suggest that now that you’ve done the initial setup using the script, you stop using it and remove cron startup. Instead, add a couple of service rtorrent and irssi from a cron into systemd service files.
Systemd will create a separate cgroup hierarchy for the service when starting, which you can match in iptables rules and mark packets.
In ip rule, you can then choose to send packets with the mark, to a separate routing table which will only have the default route over wifi interface.
Alternatively you could hack the scripts in places where screen runs to use systemd-run, this would break the scripts and would keep things weird… if you’re breaking the setup/upgrade scripts, might as well do things properly in the end.
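An added example, not part of any post in this thread: the fwmark and ip rule approach described above written out as commands, marking by the service account's UID in the mangle OUTPUT chain (the chain locally generated packets pass through). The interface name wlan0, gateway 192.168.1.1, user rtorrent, mark 0x64 and table 100 are assumed sample values; 192.168.1.12 is the Wi-Fi address mentioned later in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: prints the commands.
# APPLY=1 as root executes them. Names and numbers are assumed sample values.
#
# What each generated line does, in order:
#  1. alternate table whose only route is a default route over the Wi-Fi link
#  2. marked packets consult that table
#  3. so do packets sourced from the bound address (replies on inbound peers)
#  4. mark everything the service account sends
#  5. rewrite the source of marked packets that were first routed via eth
#  6. loose reverse-path filtering so replies arriving on Wi-Fi are not dropped

policy_route_plan() {
    iface=$1          # interface dedicated to rtorrent (assumed: wlan0)
    gateway=$2        # next hop on that interface (assumed: 192.168.1.1)
    src_ip=$3         # address rtorrent is bound to
    user=$4           # account the rtorrent service runs as (assumed)
    mark=${5:-0x64}   # fwmark value (assumed)
    table=${6:-100}   # routing table number (assumed)
    cat <<EOF
ip route replace default via $gateway dev $iface table $table
ip rule add fwmark $mark lookup $table priority 1000
ip rule add from $src_ip lookup $table priority 1001
iptables -t mangle -A OUTPUT -m owner --uid-owner $user -j MARK --set-mark $mark
iptables -t nat -A POSTROUTING -o $iface -m mark --mark $mark -j MASQUERADE
sysctl -w net.ipv4.conf.$iface.rp_filter=2
EOF
}

# Reads `ip route get <dst> mark <mark>` output on stdin, prints the egress device.
egress_dev() {
    sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1
}

run_plan() {
    if [ "${APPLY:-0}" = 1 ]; then
        policy_route_plan "$@" | sh -ex
    else
        policy_route_plan "$@"
    fi
}

run_plan "${1:-wlan0}" "${2:-192.168.1.1}" "${3:-192.168.1.12}" "${4:-rtorrent}"
```

After applying, `ip route get 1.1.1.1 mark 0x64 | egress_dev` should print the Wi-Fi interface, and the same command without `mark` should still print the wired one.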
Yes, the script is a bit closed and installs multiple useful features. In the meantime I tried something else using this linux-server image fork:
github/crazy-max/docker-rtorrent-rutorrent/blob/master/examples/compose/docker-compose.yml
It does work correctly except that when I bind TCP and UDP ports to specific IPs on my host machine:
ports:
- "192.168.1.12:${50000}:${50000}/udp"
while 192.168.1.12 is the wifi network IP address. This of course does work if I don’t do the IP binding.
The magic sauce is in ensuring outgoing packets, identified by container input interface or src address, get the fwmark and/or connmark that allows the IP rule. (same as I was saying before, but it’s easier to pick up the initial iptables match rule).
@risk Getting back to this now, I followed the steps from this blog post about routing your container traffic to a specific interface via a new docker network.
From the description it seems logical to do so and I was able to go through it, but I don’t see any change after adding my existing container to the new routed network. Supposedly only the outgoing traffic from my rTorrent container will go through the wifi interface; should I do something else for the incoming traffic?